// ------------------------------------------------------------------------------------------
// Licensed by Interprise Solutions.
// http://www.InterpriseSolutions.com
// For details on this license please visit  the product homepage at the URL above.
// THE ABOVE NOTICE MUST REMAIN INTACT.
// ------------------------------------------------------------------------------------------

using System;
using System.Web.Security;
using System.Web.UI.WebControls;
using InterpriseSuiteEcommerceCommon;
using InterpriseSuiteEcommerceCommon.Extensions;
using InterpriseSuiteEcommerceCommon.InterpriseIntegration.Authentication;

public partial class admin_signin : System.Web.UI.Page
{
    #region Private Methods

    private void DisplayLoginFailed()
    {
        lblError.Text = "Invalid Login";
    }

    private void DisplayAccountLocked()
    {
        lblError.Text = "Your account has been locked due to too many failed login attempts.  Please contact the site administrator.";
    }

    private void AutoLogin()
    {
        if (!Security.IsAdminCurrentlyLoggedIn()) { return; }

        var authCookie = Request.Cookies[".ADMINAUTH"];
        if (authCookie.IsNullOrEmptyTrimmed()) { return; }
        string userName = authCookie.Value;

        var ticket = FormsAuthentication.Decrypt(Request.Cookies[".ADMINAUTH"].Value);
        var account = ISSIUserAccount.Find(ticket.Name);

        if (account.IsNullOrEmptyTrimmed())
        {
            // user account non existent...
            DisplayLoginFailed();
            return;
        }

        if (account.IsLocked)
        {
            DisplayAccountLocked();
            return;
        }

        RestrictedResourceManager.CreateAuthenticationTicket(account.UserCode, ".ADMINAUTH", false);

        string returnUrl = CommonLogic.ReturnURLDecode(CommonLogic.QueryStringCanBeDangerousContent("returnurl"));
        if (returnUrl.IsNullOrEmptyTrimmed())
        {
            returnUrl = "default.aspx";
        }

        Response.Redirect(returnUrl);
    }

    private void DoAuthentication()
    {
        if (loginCtrl.UserName.IsNullOrEmptyTrimmed() &&
            loginCtrl.Password.IsNullOrEmptyTrimmed()) { return; }

        var account = ISSIUserAccount.Find(loginCtrl.UserName);

        if (account.IsNullOrEmptyTrimmed())
        {
            // user account non existent..
            DisplayLoginFailed();
            return;
        }

        if (account.IsLocked)
        {
            DisplayAccountLocked();
            return;
        }

        account.Authenticate(loginCtrl.Password);

        if (account.IsAuthenticated)
        {
            RestrictedResourceManager.CreateAuthenticationTicket(account.UserCode, ".ADMINAUTH", false);

            string returnUrl = CommonLogic.ReturnURLDecode(CommonLogic.QueryStringCanBeDangerousContent("returnurl"));
            if (CommonLogic.IsStringNullOrEmpty(returnUrl))
            {
                returnUrl = "default.aspx";
            }

            Response.Redirect(returnUrl);
        }
        else
        {
            if (!account.IsAboutToReachTheBadLoginLimit)
            {
                account.IncrementBadLoginCount();
                DisplayLoginFailed();
                return;
            }
            else
            {
                account.LockAccount();
                DisplayAccountLocked();
                return;
            }
        }
    }

    #endregion

    #region Events

    protected override void OnInit(EventArgs e)
    {
        this.loginCtrl.LoggingIn += new LoginCancelEventHandler(LoginCtrl_LoggingIn);

        base.OnInit(e);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) { return; }

        AutoLogin();
    }

    protected void LoginCtrl_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        e.Cancel = true;

        DoAuthentication();
    }

    #endregion
}
